malware fix

Discussion in 'Malware Help (A Specialist Will Reply)' started by pepster5, Mar 19, 2008.

  1. pepster5

    pepster5 Private E-2

    Hello All,

    Let me begin by expressing my heartfelt gratitude for the service you all provide. I found this site a while back and it helped me then as it has helped me once again.

    I've completed the read and run me and it seems to have done the trick. I have a couple of minor issues remaining. When I reboot, I get an error dialog box saying "error loading C:\WINDOWS\system32\bmxvwiiy.dll The specified module could not be found".

    There is an "ok" button at the bottom.

    Everything else seems to be ok except for my clock being at 24 hrs.

    I'm attaching the proper files to see if you find anything still lingering.

    Thank you again

    pepster5
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi pepster5,
    Welcome to the Malware Forum!


    Please do the following:

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: {10fb1e2c-b721-d05a-92f4-564c8fa99524} - {42599af8-c465-4f29-a50d-127bc2e1bf01} - C:\WINDOWS\system32\gqncdemv.dll (file missing)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [60a1847b] rundll32.exe "C:\WINDOWS\system32\bmxvwiiy.dll",b
    O20 - Winlogon Notify: qomnklk - qomnklk.dll (file missing)
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rteqehda.html

    After you click fix, just close hijackthis.

    3) Download and install Erunt. Use it to create a backup of your registry.

    4) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    5) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    6) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    7) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
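
Added example, not part of abri's post: a small Python parser for the HijackThis lines quoted above. It lists the entries HijackThis marked "(file missing)" and finds the Run value that starts rundll32 on the DLL named in the reboot error dialog from post 1; rundll32 shows that dialog when a startup value still names a DLL that is no longer on disk. The function names are illustrative.

```python
import re

# HijackThis lines copied from the post above.
SAMPLE_LOG = r'''
O2 - BHO: {10fb1e2c-b721-d05a-92f4-564c8fa99524} - {42599af8-c465-4f29-a50d-127bc2e1bf01} - C:\WINDOWS\system32\gqncdemv.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [60a1847b] rundll32.exe "C:\WINDOWS\system32\bmxvwiiy.dll",b
O20 - Winlogon Notify: qomnklk - qomnklk.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rteqehda.html
'''

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")          # section - key: data
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
VALUE_NAME = re.compile(r"^\[([^\]]+)\]")                # [name] of a Run value

def parse_log(text):
    """Split each HijackThis line into section code, key and data."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "key": m.group(2), "data": m.group(3)})
    return entries

def orphaned(entries):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e for e in entries if e["data"].endswith("(file missing)")]

def autoruns_loading(entries, dll_path):
    """Names of O4 Run values that start rundll32 on the given DLL."""
    names = []
    for e in entries:
        m = RUNDLL.search(e["data"])
        if e["section"] == "O4" and m and m.group(1).lower() == dll_path.lower():
            names.append(VALUE_NAME.match(e["data"]).group(1))
    return names

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in orphaned(log):
        print("orphaned:", e["section"], e["data"])
    print("Run values loading the DLL from the error dialog:",
          autoruns_loading(log, r"C:\WINDOWS\system32\bmxvwiiy.dll"))
```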
     
  3. pepster5

    pepster5 Private E-2

    Hello Abri,

    Everything went perfectly until the very end. I got an error message at the end of running GetLogs. Maybe that's not a problem, but I'm sure you'll know when looking at the log.

    FYI, my system seems to be free of Malware and is running fine. So far as I can tell...

    Thank You
    pepster
     

    Attached Files:

  4. abri

    abri MajorGeek

    Hi pepster5,

    1) I don't see any resident antivirus in your logs. If you don't have an antivirus program installed on your computer, please go to How to Protect Yourself from Malware and find the free antivirus programs, download one and install it. The work we're doing on your computer is pointless if you don't have an antivirus program installed. After you complete all the cleaning procedures we will be finishing soon, I will ask you to come back to that thread and continue with installing the other recommended tools which will give your computer some added protection over and above the antivirus program without compromising your computer's speed.


    2) And now, please run Avenger again as in post 2, step 5, only use the contents of this box:

    3) Then run ATF Cleaner or CCleaner.

    4) When you finish, please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.

    Let me know how things are running now?

    abri
     
  5. pepster5

    pepster5 Private E-2

    Hi Abri,

    I'm attaching the logs you asked for. I will check the link you suggested to get the proper antispyware installed.

    I just have one other question. I have installed a bunch of programs during this process. Which ones should I uninstall once I've completed everything here? Or should I just uninstall everything and start over?

    Thank you very much for all your help!

    pepster5
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi pepster5,
    Don't wait with installing the antivirus program. Your computer has the same vulnerabilities it had before, so it can get reinfected the same way in a very short time. The instructions you need for removing the tools and logs we had are in the box below. Be sure to follow the instructions for resetting system restore and for the different programs we recommend for protecting your computer. They are lightweight on resources and provide comprehensive protection.
    abri
     
